Delegate Directory Join Privileges for Simple AD

To join a computer to your directory, you need an account that has privileges to join
computers to the directory.

With Simple AD, members of the Domain Admins group
have sufficient privileges to join computers to the directory.

However, as a best practice, you
should use an account that has only the minimum privileges necessary. The following
procedure demonstrates how to create a new group called Joiners and
delegate the privileges to this group that are needed to join computers to the
directory.

You must perform this procedure on a machine that is joined to your directory and
has the
Active Directory User and Computers MMC snap-in installed. You must
also be logged in as a domain administrator.

To delegate join privileges for Simple AD

Open Active Directory User and Computers and select your
domain root in the navigation tree.

In the navigation tree on the left, open the context menu (right-click) for
Users, choose New, and then choose
Group.